Post navigation

MPs in the New South Wales Parliament couldn’t resist perpetrating an online prank on one of their number earlier this week.

The victim of the prank was Andrew Gee MP, sitting member for Orange. Naked Security readers will remember Orange as the home of convicted Aussie hacker David Cecil, a.k.a. Evil, who clocked up a two-and-a-half year prison sentence earlier this year for offences relating to the unauthorised access to and modification of data.

Gee was up on his hind legs, orating to the House, when messages started coming from his Twitter account. He’s deleted them now, but that hasn’t expunged them from the record – the Sydney Morning Herald faithfully reported them on its light-hearted Friday back page, The Diary:

I’m talking about really good things now

So many memories being had

My shoes are shiny

Gee’s iPad wasn’t lost or stolen. It was lying in what I’m sure he imagined was supervised safety on the parliamentary furniture. He simply hadn’t banked on the sort of “supervision” his party colleagues had in mind.

Tweets not yet eradicated by the embarrassed Mr Gee explain away his apparently magical Tweet-whilst-talking powers, laying the blame on Messrs Wollondilly and Drummoyne (those are the names of the seats, not the MPs!) and unnamed others.

Gee’s boss, State Premier Barry O’Farrell, joined in online with a short but entirely pertinent Tweet to say:

@AndrewGeeMP & set your iPad lock

This, in turn, provoked the Member for Orange to observe:

But you wouldn’t have thought you’d need to use it in such distinguished company.

A fair comment, perhaps.

In truth, though, you would (or at least should) have thought exactly that.

Computer security is no longer really suited to the idea of a trusted interior and a hostile exterior.

You should work on the assumption that bad things could happen at any time. Then take a defensive security posture to suit that assumption.

The Premier is right. Set your iPad lock. While you’re about it, consider all the other security-oriented settings from which you and your users could benefit, and think about how to ensure that everyone is doing the right thing.

(Yes, that image to the right is a shameless plug for a Sophos product which helps you do just that 🙂

And never mess with another guy’s computer or mobile phone.

Wollondilly and Drummoyne, it seems, were careful not to put anything truly embarrassing or derogatory into Andrew Gee’s mouth, with the result that little harm was done. But it would have been much better – and would have set much higher standards – if they’d resisted the temptation altogether.

I may sound like a bit of a wet blanket for saying that, but it’s hard to take a position against hacking, cybercrime, identity theft and other serious online crimes if you’re prepared to condone the unauthorised use of someone else’s iPad simply because it suits your own sense of humour.

As it happens, Section 308D of the New South Wales Crimes Act of 1900 (as of 6 July 2012) specifies a penatly of up to ten year’s imprisonment for Unauthorised modification of data with intent to cause impairment.

Gee’s jesting chums may not quite have broken this law [*], but that doesn’t matter.

They shouldn’t have done what they did…and Gee shouldn’t have made it easy for them.

–

[*] Are you a lawyer? If so, why not leave us a comment letting us know how close you think these MP pranksters came to breaking the portentously-named Crimes Act of 1900?

Firstly, whoopee cushions actually _are_ funny. ("It may be low-tech but I still maintain the whoopee cushion has comic validity," in the words of Dr Sheldon Cooper of BBT.)

Secondly, to compare this with a whoopee cushion prank, you'd have to compare it with rummaging around in my briefcase, behind my back, to dig out _my_ whoopee cushion for your prank.

That's why I rather carefully wrote that "little harm was done. But it would have been much better – and would have set much higher standards – if [Wollondilly and Drummoyne had] resisted the temptation altogether."

The deal is not the semi-amusing Tweets, but the knowing misuse of someone else's account on someone else's computer. I think that a zero-tolerance attitude to this sort of thing by adults – notably in parliament! – is needed to set the right standards for the next generation of internet users…

You will abide by all rules, to the letter. Punishment for any deviation will be swift ad severe. You will be assimilated by the Borg; resistance is futile. You will be perfect – no exceptions or allowances!

A little boy draws a picture of a gun in school, and he is sent home for a “weapons violation.” A girl has a travel tin of aspirin in her purse, and she is called in for violating the “no drugs” rule. Zero tolerance, you know.

Let's say that you went out to the company parking lot and accidentally got into the wrong car. Realizing that the two vehicles were identically keyed, would it occur to you to move that car a few parking places away and then get into your car and drive off? No, it wouldn't, would it?

In the days of Win9X, there was a program that would render the desktop upside down.

One can print the desktop screen and save it to a file, drag all of the icons to the Recycle Bin and then set the saved desktop file as the wallpaper, thus disabling all of the “icons.”

One can add a line to Word's autocorrects so that “the” will never appear as “the.”

People like to play. Play is healthy. In the above – or similar – examples, if the intent is not malicious, and if the pranks are promptly reversed, then they benefit office morale.

What the MPs did was not mean spirited. They did not intend to inflict any harm, nor did they do so. However, they broke a rule, and that is all that matters.

I wouldn't last a day as your employee, and you wouldn't last a day as my boss.

"The imposition of a zero tolerance policy is obnoxious beyond words."

Apparently not, since you then spend an oxymoronic 285 words on the issue.

You start by assuming that anyone who isn't prepared to tolerate computer misuse must, ipso facto, be a repressive, revenge-seeking imperialist; you drag in specious analogies involving cars, drugs and guns; incite behaviour likely to lead to a breach of orthographic peace; and trivialise this entire issue as "they broke a rule, and that is all that matters." (If they broke anything, it was a law enacted by the very legislature they represent; what matters is not that they broke something, but their choice of what to break, and how, and where.)

Worst of all, you deploy an insult that is an unacceptably casual conflation of Star Trek and HHGTTG! You can't just swirl together Borg and Vogon like that and sneakily suppose that a separating semi-colon will spare you from censure!